syzbot |
sign-in | mailing list | source | docs | 🏰 |
| ID | Workflow | Result | Correct | Bug | Created | Started | Finished | Revision | Error |
|---|---|---|---|---|---|---|---|---|---|
| ed8a4107-4126-4fd7-af1d-48e63e9b2940 | assessment-kcsan | Benign: ✅ | ❓ | KCSAN: data-race in free_mnt_ns / rb_erase (2) | 2026/05/08 17:30 | 2026/05/08 17:30 | 2026/05/08 17:55 | 4951913a15c866072f314415ff2ff2ab0ba210d1 |
================================================================== BUG: KCSAN: data-race in free_mnt_ns / rb_erase write to 0xffff88811c183698 of 8 bytes by task 20276 on cpu 1: __rb_erase_augmented include/linux/rbtree_augmented.h:244 [inline] rb_erase+0x21a/0x680 lib/rbtree.c:443 ns_tree_node_del kernel/nstree.c:147 [inline] __ns_tree_remove+0x61/0x240 kernel/nstree.c:244 mnt_ns_tree_remove fs/namespace.c:150 [inline] free_mnt_ns+0x94/0xc0 fs/namespace.c:4185 namespace_unlock+0x393/0x4c0 fs/namespace.c:1711 class_namespace_excl_destructor fs/namespace.c:90 [inline] put_mnt_ns+0x100/0x140 fs/namespace.c:6276 nsproxy_free+0x20/0x3a0 kernel/nsproxy.c:66 deactivate_nsproxy kernel/nsproxy.c:80 [inline] put_nsproxy include/linux/nsproxy.h:110 [inline] switch_task_namespaces+0x9a/0xe0 kernel/nsproxy.c:260 exit_nsproxy_namespaces+0x17/0x20 kernel/nsproxy.c:265 do_exit+0x4a9/0x1530 kernel/exit.c:974 do_group_exit+0xfe/0x140 kernel/exit.c:1117 get_signal+0xe30/0xf20 kernel/signal.c:3037 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline] do_syscall_64+0x232/0x3b0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff88811c183698 of 8 bytes by task 20295 on cpu 0: mnt_ns_tree_remove fs/namespace.c:149 [inline] free_mnt_ns+0x62/0xc0 fs/namespace.c:4185 namespace_unlock+0x393/0x4c0 fs/namespace.c:1711 class_namespace_excl_destructor fs/namespace.c:90 [inline] put_mnt_ns+0x100/0x140 fs/namespace.c:6276 nsproxy_free+0x20/0x3a0 kernel/nsproxy.c:66 deactivate_nsproxy kernel/nsproxy.c:80 [inline] put_nsproxy include/linux/nsproxy.h:110 [inline] switch_task_namespaces+0x9a/0xe0 kernel/nsproxy.c:260 exit_nsproxy_namespaces+0x17/0x20 kernel/nsproxy.c:265 do_exit+0x4a9/0x1530 kernel/exit.c:974 do_group_exit+0xfe/0x140 kernel/exit.c:1117 get_signal+0xe30/0xf20 kernel/signal.c:3037 arch_do_signal_or_restart+0x96/0x450 arch/x86/kernel/signal.c:337 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline] exit_to_user_mode_loop+0x6a/0x6f0 kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline] do_syscall_64+0x232/0x3b0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0xffff888119e9f698 -> 0xffff88811a2b1899 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 20295 Comm: syz.2.11111 Tainted: G W syzkaller #0 PREEMPT(full) Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/08 17:30 | upstream | 917719c412c4 | b2988c17 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-kcsan-gce | KCSAN: data-race in free_mnt_ns / rb_erase |